Creating SSH keys

For many years the most common format for ssh keys has been RSA. But there are newer, more efficient formats.

IMSS recommends using ECDSA and NIST-P384 for new keys. ECDSA is widely adopted and allows for the same or better security than RSA keys but with smaller key sizes. To create a new key use the following command and be sure to use a passphrase of reasonable length and complexity:

ssh-keygen -t ecdsa -b 384 -f ~/.ssh/id_ecdsa -C "[email protected]"

Please be sure to keep your private key private. As a reminder, the permissions for your ~/.ssh directory should be "drwx------" and your key should be "-rw-------". The public half of your key can be readable, e.g. "-rw-r--r--".